Fastjson 1.2.41 Remote Code Execution Vulnerability Scanner

Fastjson is a high-performance JSON library for Java, used for parsing, generating, and processing JSON data. It's widely adopted in Java-based applications due to its rich features and efficiency in processing large volumes of data. Fastjson is often utilized in web applications, data exchange services, and microservices for its ability to quickly serialize and deserialize data. The library's ease of use and integration makes it a preferred choice for developers in the Java ecosystem. However, certain versions, like 1.2.41, have been identified with vulnerabilities that could compromise the security of applications using it.

The Fastjson version 1.2.41 contains a critical vulnerability that allows for remote code execution due to deserialization of untrusted data. This flaw can be exploited by an attacker to execute arbitrary code remotely on the server where the application is running. The vulnerability leverages Fastjson's feature of processing JSON data that includes type information, enabling the execution of malicious payload through crafted JSON requests. The high CVSS score of 10 underscores the severity, indicating a potential for significant impact on confidentiality, integrity, and availability.

The vulnerability is triggered when Fastjson processes a specially crafted JSON object containing a reference to an external resource through Java's Remote Method Invocation (RMI). This JSON object manipulates Fastjson's deserialization process to load and execute remote code specified by the attacker. The exploit is delivered via a POST request with a JSON payload that specifies @type to utilize Java's JdbcRowSetImpl class, redirecting the dataSourceName to an attacker-controlled RMI server. This manipulation leads to the execution of arbitrary code hosted on the attacker's server, without any authentication or user interaction.

Exploiting this vulnerability can lead to complete control over the affected server, allowing an attacker to access sensitive data, modify system configurations, deploy malware, or use the compromised system as a launchpad for further attacks. The impact is particularly severe due to the remote execution capability, making it critical for systems using Fastjson 1.2.41 to address the vulnerability promptly to mitigate potential damages.

By utilizing Security for Everyone's advanced scanning technology, users can identify vulnerabilities like the RCE in Fastjson 1.2.41 and other critical security issues. Our platform provides comprehensive scans that reveal hidden vulnerabilities, coupled with detailed reports and remediation guidelines. Membership offers ongoing protection and expert support, ensuring that your systems are safeguarded against current and emerging threats. Joining Security for Everyone empowers you to maintain a strong security posture and protect your digital assets effectively.

References

• https://github.com/tdtc7/qps/tree/4042cf76a969ccded5b30f0669f67c9e58d1cfd2/Fastjson
• https://github.com/wyzxxz/fastjson_rce_tool